Role Description:
● Incident Response: Actively participate and provide support in all phases of security incident response, including tracking, stakeholder communication, remediation, and recovery
● Alert Triage & Investigation: Perform Level 2 triage of incoming incidents, providing initial assessment of priority, determining incident nature and risk, and appropriately routing security or privacy data requests
● Deep Dive Analysis: Conduct comprehensive incident response analysis leveraging expertise in cybersecurity incidents, anomaly analysis, log analysis, digital forensics, and common threat vectors
● Tool Proficiency: Utilize Splunk SIEM and support forensic tools to monitor, investigate, and correlate security events
● Reporting & Documentation: Ensure all incident details are accurately entered into the incident tracking system
● Develop detailed incident report during and after incidents, outlining mitigation, recovery, and operational return-to-normal actions
● Record and report all incidents in adherence to Federal and department policies
● Create and track network incidents and investigations through to closure
● Stakeholder Coordination: Coordinate with reporting entities (e.g., CISA) to fully understand event details and facilitate effective communication with stakeholders
● Operational Guidance: Serve as key personnel for Incident Management, providing coordination, task assignment, and process guidance for incident response events
● SOP Adherence & Escalation: Strictly follow established SOPs, policies, and procedures for timely escalation and notification of Federal leadership and reporting
● Remediation & Recovery: Actively participate in the remediation and recovery of incidents generated by live threats against the enterprise
● Control Optimization: Review, revise, and recommend enhancements to technical, process, and physical security controls
● Defensive TTP Development: Develop and implement defensive cyber best practice tactics, techniques, and procedures to strengthen our security posture.
● Mentorship: Manage assigned investigations, ensuring active progress, and assist Tier 1 analysts as needed to resolve investigations
Required Qualifications & Education:
● Bachelor of Science in Computer Science, Information Systems, Mathematics, Engineering, or a related degree, OR an additional 2+ years of relevant experience
● 4+ years of Information Technology experience
● Excellent organizational, verbal, presentation/facilitation, and written communication skills. Comfortable presenting briefings to the client.
● Demonstrate proficiency in the Incident Response Process and SOC operations and a good understanding of threat hunting
● Good understanding of system log information and where to collect specific data/attributes as required for the Incident Events
● Operational understanding of enterprise networking and security tools (firewalls, Antivirus, HIDS, IDS/IPS, proxy, WAF), Windows and Unix/Linux systems’ operations
● Experience performing log analysis and reporting
● Experience creating and tracking investigations to resolution
● Experience with endpoint security solutions, including but not limited to Windows Defender, Tanium, FireEye solutions, antivirus solutions, and EDR tools
● Understanding of compliance or regulatory frameworks (i.e., FISMA, NIST, ISO)
● Solid understanding of application, authentication, and network security principles, and of operating system hardening techniques
● General knowledge of cyber-attack frameworks (MITRE ATT&CK and Lockheed Cyber Kill Chain)
● Understanding of Computer Network Defense (CND) policies, procedures, and regulations
● SIEM monitoring and analysis, analyzing network traffic, log analysis, prioritizing and differentiating between potential intrusion attempts and false alarms
● Ability to work with or support senior leaders to understand risk factors and communicate effective mitigation strategies
● Ability to work independently to address and resolve a security incident with minimal supervision
● Cybersecurity certifications are preferred but not required
Clearance and Location Requirements:
● Able to be cleared for a Public Trust clearance.
● This position is currently fully remote.